代码之家  ›  专栏  ›  技术社区  ›  Ooker

如何从blob中删除秘密?

secret-key blob github git
  •  0
  • Ooker  · 技术社区  · 6 月前

    一、 git push 一个repo并出现以下错误: 

    remote: - GITHUB PUSH PROTECTION
remote:   —————————————————————————————————————————
remote:     Resolve the following violations before pushing again
remote:
remote:     - Push cannot contain secrets
remote:
remote:
remote:      (?) Learn how to resolve a blocked push
remote:      https://docs.github.com/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push
remote:
remote:      (?) This repository does not have Secret Scanning enabled, but is eligible. Enable Secret Scanning to view and manage detected secrets.
remote:      Visit the repository settings page, https://github.com/QuaCau-TheSphere/BV-ton-tai-trong-the-gioi-tu-ban/settings/security_analysis
remote:
remote:
remote:       —— GitHub Personal Access Token ——————————————————————
remote:        locations:
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:
remote:        (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote:        https://github.com/QuaCau-TheSphere/BV-ton-tai-trong-the-gioi-tu-ban/security/secret-scanning/unblock-secret/2rQiwV6UWe7GhaSG1sleJtFzFHX
remote:
remote:
remote:     ——[ WARNING ]—————————————————————————————————————————
remote:      Scan incomplete: This push was large and we didn't finish on time.
remote:      It can still contain undetected secrets.
remote:
remote:      (?) Use the following command to find the path of the detected secret(s):
remote:          git rev-list --objects --all | grep blobid
remote:     ——————————————————————————————————————————————————————

    我跟着 Working with push protection from the command line - GitHub Docs 并执行以下操作: 

    git rebase -i 1fbb1eec3113333f234104065cc2da11870dd9c7~1

    错误: 

    error: object 1fbb1eec3113333f234104065cc2da11870dd9c7 is a blob, not a commit
fatal: invalid upstream '1fbb1eec3113333f234104065cc2da11870dd9c7~1'

    网上搜索 git rebase a blob 没有结果。接下来我该怎么办?

    1 回复  |  直到 6 月前
        1
  •  1
  •   dani-vta    6 月前

    这个 step 4 你链接的指南说

    使用git rebase-i<启动交互式rebase;COMMIT-ID>~1.

    相反,您提供了包含秘密的blob的SHA1,而不是用于重基的提交的SHA1。如果你需要知道包含有罪blob的提交,你可以运行 git log --find-object blob id附带的选项。 

    git log --all --find-object=1fbb1eec3113333f234104065cc2da11870dd9c7

    如果该命令只返回一个提交,则从之前的提交重设基础,否则从返回的历史中最远的提交之前的提交重新设基础。 

    git rebase -i <furthest-commit-id>~1
    推荐文章
    Emile Dadou  ·  gitignore-忽略不尊重特定掩码的文件夹
    5 月前
    realmikep  ·  `Github Actions工作流中的git commit`失败:未授予对存储库的写入访问权限,403
    5 月前
    merlin2011  ·  是否有可能“git fetch”只获取特定的分支,而不在每次调用时指定完整的refspec?
    6 月前
    Harry  ·  如何在编译时获取克隆的git仓库的标签
    6 月前
    Ooker  ·  如何从blob中删除秘密?
    6 月前
    hasdrubal  ·  git日志图智能分支过滤器
    6 月前
    merlin2011  ·  是否有一个git命令可以在不更改任何引用的情况下使工作树等于索引?
    7 月前
    merlin2011  ·  git commit中可能的所有头文件及其顺序是否都有记录?
    7 月前
    Stephen  ·  git rebase删除了未经樱桃采摘的“樱桃采摘”提交
    7 月前
    J. Doe  ·  为什么git中没有跟踪git文件?
    7 月前
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号